package d.d.b.a.d;

import android.annotation.TargetApi;
import com.sophos.cloud.exceptions.CertificatePinningException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

@TargetApi(24)
/* loaded from: classes.dex */
public final class m extends X509ExtendedTrustManager {

    /* renamed from: f, reason: collision with root package name */
    private static m f12737f;

    /* renamed from: b, reason: collision with root package name */
    private final d.d.b.a.c.d f12739b;

    /* renamed from: a, reason: collision with root package name */
    private int f12738a = 0;

    /* renamed from: d, reason: collision with root package name */
    private boolean f12741d = true;

    /* renamed from: e, reason: collision with root package name */
    private boolean f12742e = true;

    /* renamed from: c, reason: collision with root package name */
    private final X509ExtendedTrustManager f12740c = c();

    private m(d.d.b.a.c.d dVar) {
        this.f12739b = dVar;
    }

    private void a(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (this.f12742e) {
            String m = h.m(x509CertificateArr[0].getEncoded());
            List<String> sSLCertHash = this.f12739b.getSSLCertHash();
            if (sSLCertHash.isEmpty() || sSLCertHash.contains(m)) {
                return;
            }
            if (this.f12738a == 0) {
                this.f12739b.onCertPinningError();
            }
            int i2 = this.f12738a;
            if (i2 == 3) {
                this.f12738a = 0;
            } else {
                this.f12738a = i2 + 1;
            }
            com.sophos.smsec.core.smsectrace.c.S("TMEX", "Certificate hash does not match! Hash : " + m + " pinned hashes: " + sSLCertHash.toString());
            throw new CertificatePinningException("Certificate hash does not match!");
        }
    }

    public static m b(d.d.b.a.c.d dVar) {
        if (f12737f == null) {
            f12737f = new m(dVar);
        }
        return f12737f;
    }

    private X509ExtendedTrustManager c() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509ExtendedTrustManager) {
                    return (X509ExtendedTrustManager) trustManager;
                }
            }
            return null;
        } catch (KeyStoreException e2) {
            com.sophos.smsec.core.smsectrace.c.k("TMEX", e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            com.sophos.smsec.core.smsectrace.c.k("TMEX", e3);
            return null;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        com.sophos.smsec.core.smsectrace.c.v("TMEX", "checkClientTrusted");
        if (this.f12741d) {
            this.f12740c.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        com.sophos.smsec.core.smsectrace.c.v("TMEX", "checkClientTrusted");
        if (this.f12741d) {
            this.f12740c.checkClientTrusted(x509CertificateArr, str, socket);
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        com.sophos.smsec.core.smsectrace.c.v("TMEX", "checkClientTrusted");
        if (this.f12741d) {
            this.f12740c.checkClientTrusted(x509CertificateArr, str, sSLEngine);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        com.sophos.smsec.core.smsectrace.c.v("TMEX", "checkServerTrusted");
        if (this.f12741d) {
            this.f12740c.checkServerTrusted(x509CertificateArr, str);
        } else {
            com.sophos.smsec.core.smsectrace.c.v("TMEX", "we trust this server");
        }
        a(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        com.sophos.smsec.core.smsectrace.c.v("TMEX", "checkServerTrusted");
        if (this.f12741d) {
            this.f12740c.checkServerTrusted(x509CertificateArr, str, socket);
        } else {
            com.sophos.smsec.core.smsectrace.c.v("TMEX", "we trust this server");
        }
        a(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        com.sophos.smsec.core.smsectrace.c.v("TMEX", "checkServerTrusted");
        if (this.f12741d) {
            this.f12740c.checkServerTrusted(x509CertificateArr, str, sSLEngine);
        } else {
            com.sophos.smsec.core.smsectrace.c.v("TMEX", "we trust this server");
        }
        a(x509CertificateArr);
    }

    public void d(boolean z) {
        this.f12741d = z;
    }

    public void e(boolean z) {
        this.f12742e = z;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        com.sophos.smsec.core.smsectrace.c.v("TMEX", "getAcceptedIssuers");
        if (this.f12741d) {
            return this.f12740c.getAcceptedIssuers();
        }
        return null;
    }
}
